Ajeet Raina Docker Captain, ARM Innovator & Docker Bangalore Community Leader.

Top 5 Docker Myths and Facts That You Should be Aware of

5 min read

 

Today, every fast-growing business enterprise has to deploy new features of their app rapidly if they really want to survive in this competitive market. Developing apps today requires so much more than writing code. For developers, there is a vast array of complex tooling and a duplicate set of commands and tasks to go from local desktop to cloud-native development. It takes hours and possibly days for the development team to decide on the right cloud environment to meet their requirements and to have that environment successfully set up. Docker simplifies and accelerates your workflow, while giving developers the freedom to innovate with their choice of tools, application stacks, and deployment environments for each project.

With over 396 billion all-time DockerHub pulls, 16.2 million Docker Desktop downloads & 9 million Docker accounts, Docker is still the most popular container platform among developers. If you search “Docker ” in GitHub, you will find over 20 million code results, 690 K repositories and over 14,000 discussions around Docker. It shows how Docker is being used by millions of developers to build, share, and run any app, anywhere. As per the latest StackOverFlow 2021 survey, Docker is still the #1 most wanted and #2 most loved developer tools, and helps millions of developers build, share and run any app, anywhere – on-prem or in the cloud. 

Today, all major cloud providers use Docker platform. For example, AWS and Docker have collaborated to make a simplified developer experience that enables you to deploy and manage containers on Amazon ECS directly using Docker tools. Amazon ECS uses Docker images in task definitions to launch containers as part of tasks in your clusters. This year, Docker announced that all of the Docker Official Images are now made available on AWS ECR Public.

The Docker Azure Integration enables developers to use native Docker commands to run applications in Azure Container Instances (ACI) when building cloud-native applications. The new experience provides a tight integration between Docker Desktop and Microsoft Azure allowing developers to quickly run applications using the Docker CLI or VS Code extension, to switch seamlessly from local development to cloud deployment. Nevertheless, technologies and tools available from Docker and its open source project, Moby, have been leveraged by all major data center vendors and cloud providers. Many of these providers are leveraging Docker for their container-native IaaS offerings. Additionally, the leading open source serverless frameworks utilize Docker container technology.

Undoubtedly, Docker today is the de facto standard for most of the developers for packaging their apps but as the container market continues to evolve and diversify in terms of standards and implementations, there is a rise of a confusion among the enterprise developers  to choose the right container platform for their environment. Fortunately, I am here to help you with top 5 reasons debunking many of these modern myths. This blog aims to clear up some commonly held misconceptions in the field of Docker capabilities. The truth, as they say, shall set you free and ‘whalified’.

Myth – 1: Docker doesn’t support rootless containers

This myth says that the Docker daemon requires root privileges and hence admins can’t launch containers as a non-privileged user. 

Fact: Rootless mode was introduced in Docker Engine v19.03 as an experimental feature. Rootless mode graduated from experimental mode in Docker Engine v20.10. This means that Docker today can also be run as a non-root user. Rootless containers have a huge advantage over rootful containers since (you guessed it) they do not run under the root account. The benefit of this is that if an attacker is able to capture and escape a container, this attacker is still a normal user on the host. Containers that are started by a user cannot have more privileges or capabilities than the user itself.

Learn more – https://docs.docker.com/engine/security/rootless/

Myth – 2: Docker doesn’t support daemonless architecture. 

Let us understand this myth. It says that when working with Docker, you have to use the Docker CLI, which communicates with a background daemon (the Docker daemon). The main logic resides in the daemon, which builds images and executes containers. This daemon runs with root privileges which presents a security challenge when providing root privileges to users. It also means that an improperly configured Docker container could potentially access the host filesystem without restriction. As Docker depends on a daemon running in the background, whenever a problem arises with the daemon, container management comes to a halt. This point of failure therefore becomes a potential problem.

Fact: By default, when the Docker daemon terminates, it shuts down running containers. You can configure the daemon so that containers remain running if the daemon becomes unavailable. This functionality is called live restore. The live restore option helps reduce container downtime due to daemon crashes, planned outages, or upgrades. To  enable the live restore setting to keep containers alive when the daemon becomes unavailable, you can add the configuration to the daemon configuration file:

On Linux, this defaults to /etc/docker/daemon.json.  On Docker Desktop for Mac or Docker Desktop for Windows, select the Docker icon from the task bar, then click Preferences -> Docker Engine 

Use the following JSON to enable live-restore.

{

"live-restore": true

}

Learn more: https://docs.docker.com/config/containers/live-restore/ 

Myth – 3: Docker doesn’t support Container Image signing

This myth states that Docker is not secure. Docker images can’t be trusted as they are not signed. Docker doesn’t validate your images and doesn’t have capability to track the source from where the Docker images are being pulled.

Fact: Docker Content Trust has been there since v1.8. Docker version 1.8 introduces Content Trust, which allows you to verify the authenticity, integrity, and publication date of Docker images that are made available on the Docker Hub Registry. Docker Content Trust (DCT) provides the ability to use digital signatures for data sent to and received from remote Docker registries. These signatures allow client-side or runtime verification of the integrity and publisher of specific image tags. 

Within the Docker CLI we can sign and push a container image with the ‘docker trust’ command syntax. This is built on top of the Notary feature set. A prerequisite for signing an image is a Docker Registry with a Notary server attached (such as the Docker Hub ).

docker trust

Usage:  docker trust COMMAND

Manage trust on Docker images

Management Commands:
  key         Manage keys for signing Docker images
  signer      Manage entities who can sign Docker images

Commands:
  inspect     Return low-level information about keys and signatures
  revoke      Remove trust for an image
  sign        Sign an image

Run 'docker trust COMMAND --help' for more information on a command.


Learn more – https://docs.docker.com/engine/security/trust/

Myth – 4: Docker is becoming paid and not free software anymore

This myth states that Docker is not free software anymore. Docker has completely monetized the software and hence one needs to pay for the subscription if they want to use it.

Fact: Docker Engine and all upstream open source Docker and Moby projects are still free. Docker Desktop is free to download and install for your personal use. If you’re running a small business with fewer than 250 employees and less than $10 million in annual revenue, Docker Desktop is  still free. No matter, if you are a student or an instructor either in an academic or professional environment, it is still free to download and install. If you are working on any open source non-commercial project hosted over GitHub and abide by the Open Source Initiative definition, you can use Docker Desktop for free. All you need to do is to fill up the form and apply here.

For your open source project namespace on Docker Hub, Docker offers unlimited pulls and unlimited egress to any and all users, with no egress restrictions applying to any Docker users pulling images from that namespace. In addition, if your open source project uses Autobuild capabilities, you can continue using them for free. You are also free to continue to use Docker Desktop via the Docker Personal subscription. 

Myth – 5: Docker doesn’t support Kubernetes

This myth states that Docker is incapable to run Kubernetes Pods. A Pod represents a single instance of a running process in your cluster. Pods contain one or more containers, such as Docker containers. When a Pod runs multiple containers, the containers are managed as a single entity and share the Pod’s resources.

Fact: Docker Desktop does allow you to run Kubernetes Pods. If you have Docker Desktop installed in your Mac or Windows system, you can enable Kubernetes under Dashboard UI and then deploy Pods over it. You can even use the native Docker compose tool to bring up Kubernetes resources seamlessly.

Learn more – https://docs.docker.com/desktop/kubernetes/ 

Conclusion:

Docker today is still heavily used by millions of developers to build, share, and run any app, anywhere, almost everyday. It is enabling developers to accelerate their productivity and spend more time on delivering value that’s core to their business. If you are looking out for matured, stable and enterprise-ready container desktop platform, Docker Desktop is a right choice for you and your organization.

References:

Here at Collabnix Community Slack , we’re happy to chat around Docker and how it is being adopted by millions of Developer communities. If interested, leave your comments below.

Have Queries? Join https://launchpass.com/collabnix

Ajeet Raina Docker Captain, ARM Innovator & Docker Bangalore Community Leader.

43 Replies to “Top 5 Docker Myths and Facts That You Should…”

  1. Youre so cool! I dont suppose Ive learn something like this before. So good to find someone with some unique thoughts on this subject. realy thanks for starting this up. this website is one thing that’s wanted on the net, somebody with slightly originality. useful job for bringing one thing new to the web!

  2. Write more, thats all I have to say. Literally, it seems as though you relied on the video to make your point. You obviously know what youre talking about, why throw away your intelligence on just posting videos to your blog when you could be giving us something enlightening to read?

  3. Once I initially commented I clicked the -Notify me when new feedback are added- checkbox and now each time a remark is added I get four emails with the same comment. Is there any manner you possibly can remove me from that service? Thanks!

  4. Hey just wanted to give you a quick heads up and let you know a few of the images aren’t loading correctly. I’m not sure why but I think its a linking issue. I’ve tried it in two different internet browsers and both show the same outcome.

  5. Thanks for all your valuable efforts on this site. My mother takes pleasure in participating in research and it’s really easy to understand why. Many of us hear all of the lively form you create great information via your web blog and therefore improve contribution from the others about this theme while our girl is in fact being taught a great deal. Have fun with the rest of the new year. You’re the one carrying out a really good job.

  6. I precisely desired to thank you very much once again. I’m not certain the things I would’ve undertaken without the entire techniques documented by you directly on such theme. It became a real terrifying problem in my view, however , taking a look at this expert approach you handled that made me to cry over contentment. Now i’m grateful for your work and have high hopes you realize what a great job that you are putting in teaching some other people through your blog. I’m certain you haven’t encountered any of us.

  7. Do you mind if I quote a couple of your posts as long as I provide credit and sources back to your weblog? My blog is in the exact same niche as yours and my visitors would truly benefit from a lot of the information you present here. Please let me know if this ok with you. Thanks a lot!

  8. Please let me know if you’re looking for a article author for your blog. You have some really good articles and I think I would be a good asset. If you ever want to take some of the load off, I’d really like to write some articles for your blog in exchange for a link back to mine. Please shoot me an email if interested. Regards!

  9. hi!,I like your writing so much! share we communicate more about your article on AOL? I require an expert on this area to solve my problem. May be that’s you! Looking forward to see you.

  10. Having read this I thought it was very informative. I appreciate you taking the time and effort to put this article together. I once again find myself spending way to much time both reading and commenting. But so what, it was still worth it!

  11. Do you have a spam problem on this website; I also am a blogger, and I was curious about your situation; we have created some nice methods and we are looking to swap methods with others, why not shoot me an email if interested.

  12. I am extremely inspired with your writing abilities and also with the format for your weblog. Is this a paid theme or did you customize it your self? Either way stay up the nice high quality writing, it’s rare to see a great blog like this one nowadays..

  13. Excellent post. I was checking continuously this blog and I’m impressed! Very useful info particularly the last part 🙂 I care for such information much. I was looking for this particular information for a very long time. Thank you and good luck.

  14. I have been exploring for a bit for any high-quality articles or blog posts on this kind of area . Exploring in Yahoo I eventually stumbled upon this site. Reading this information So i am happy to exhibit that I have a very just right uncanny feeling I came upon exactly what I needed. I so much unquestionably will make certain to don?¦t disregard this site and provides it a look on a constant basis.

  15. Howdy! I just want to give a huge thumbs up for the good info you may have right here on this post. I will probably be coming back to your weblog for extra soon.

  16. Do you mind if I quote a few of your posts as long as I provide credit and sources back to your site? My blog is in the very same area of interest as yours and my users would truly benefit from some of the information you present here. Please let me know if this alright with you. Cheers!

  17. You can definitely see your expertise in the work you write. The world hopes for even more passionate writers like you who are not afraid to say how they believe. Always go after your heart.

  18. Awesome blog! Is your theme custom made or did you download it from somewhere? A design like yours with a few simple adjustements would really make my blog shine. Please let me know where you got your design. With thanks

  19. My programmer is trying to persuade me to move to .net from PHP. I have always disliked the idea because of the costs. But he’s tryiong none the less. I’ve been using WordPress on numerous websites for about a year and am anxious about switching to another platform. I have heard excellent things about blogengine.net. Is there a way I can transfer all my wordpress posts into it? Any kind of help would be really appreciated!

  20. I’m impressed, I have to say. Really rarely do I encounter a weblog that’s each educative and entertaining, and let me tell you, you’ve hit the nail on the head. Your thought is excellent; the difficulty is one thing that not enough persons are speaking intelligently about. I am very completely satisfied that I stumbled throughout this in my search for something relating to this.

  21. Awsome info and right to the point. I don’t know if this is actually the best place to ask but do you folks have any ideea where to employ some professional writers? Thanks 🙂

  22. I’m not sure exactly why but this blog is loading extremely slow for me. Is anyone else having this issue or is it a problem on my end? I’ll check back later on and see if the problem still exists.

  23. I have not checked in here for some time because I thought it was getting boring, but the last several posts are good quality so I guess I will add you back to my daily bloglist. You deserve it my friend 🙂

  24. I was just seeking this information for a while. After six hours of continuous Googleing, finally I got it in your web site. I wonder what is the lack of Google strategy that do not rank this kind of informative websites in top of the list. Normally the top websites are full of garbage.

  25. Hello there! I know this is kinda off topic but I was wondering if you knew where I could get a captcha plugin for my comment form? I’m using the same blog platform as yours and I’m having problems finding one? Thanks a lot!

  26. Do you mind if I quote a couple of your articles as long as I provide credit and sources back to your website? My website is in the very same niche as yours and my visitors would truly benefit from some of the information you provide here. Please let me know if this ok with you. Appreciate it!

Leave a Reply

Your email address will not be published.